b'                                              UNITED STATES DEPARTMENT OF COMMERCE\n                                              The Inspector General\n                                              Washington, D.C. 20230\n\n\n\n\nApril 14,2010\n\nThe Honorable Darrell Issa\nRanking Member\nCommittee on Oversight and Govenunent Reform\nHouse of Representatives\n2157 Rayburn House Office Building\nWashington, D.C. 20515-6143\n\nDear Mr. Issa:\n\nIn response to your request of March 24, 2010, we are providing current information on\nour office\'s open and unimplemented recommendations (see enclosure 1). We have no\nopen or unimplemented recommendations with potential monetary benefits. As\nrequested, we also identify what our office considers to be the three most important\nunimplemented recommendations (see enclosure 2).\n\nIn your letter you also solicited our opinion about improving the Inspector General Act of\n1978. We are providing our response under separate cover.\n\nIf you have any questions or require additional information, you or your staff may contact\nme at (202) 482-4661 or Judith J. Gordon, Associate Deputy Inspector General, at (202)\n482-2754.\n\nSincerely,\n\n\n~~\'5~\nTodd J. Zinser\n\nEnclosures (2)\n\ncc: The Honorable Edolphus Towns, Chairman\n\x0cu.s. Department of Commerce                                                        Enclosure 1\nOffice of Inspector General\n\n\n\n\n             Open and Unimplemented Recommendations Since 2007*\n                           (As of March 31, 2010)\n                                                   Recommendations    Recommendations\nCalendar    Recommendations    Recommendations\n                                                        Still         Implemented since\n Year            Made             Still Open\n                                                    Unimolemented        Jan 5,2009\n  2007                  187                   0                  49                 17\n  2008                  143                   0                   8                107\n  2009                  100                   0                  68                 32\n2010 (as\nof 3/31)                 20                   0                  16                  4\n  Total                 450                   0                141                 160\n\n\n*The chart was compiled by reviewing all performance audit, evaluation, and inspection\nreports issued by Commerce DIG during the period of January 1,2007, through March\n31,2010. We consider an "open" recommendation to be an OIG recommendation that a\nbureau has not accepted, and an "unimplemented" recommendation to be a\nrecommendation that a bureau has accepted but has not yet implemented. We have not\nreported on classified or sensitive non-public recommendations, recommendations in\nfinancial statement audits, or those addressed to specific non-federal entities in\nconnection with audits of financial assistance awards.\n\x0cU.S. Department of Commerce                                                            Enclosure 2\nOffice of Inspector General\n\n\n\n\n                    Top Three Unimplemented Recommendations\n\n1.2010 Census: Quarterly Report to Congress (010-19791-1), August 2009\n\nOur review found" serious limitations to effective management and oversight of the 2010\nCensus including lack of integration of schedule activities and budget plan/expenditures,\nan unreliable cost estimate for the decennial census, delayed risk management activities,\nand lack of transparency in monthly status reports. We made the following set of\nrecommendations for improving 2020 Census planning and oversight:\n\n   \xe2\x80\xa2\t Complete the schedule development process earlier in the 2020 decennial life-cycle.\n      Utilize the bureau\'s project management software to integrate cost and schedule\n      activities of bureau and contractor operations to allow Census managers to better\n      track the status of available funds, forecast impending underruns and overruns so that\n      funds can be reallocated promptly, and improve the transparency of decennial\n      decisions to Census stakeholders.\n\n   \xe2\x80\xa2\t    Develop a transparent decision documentation strategy to account for 2020 Census\n        program and spending decisions.\n\n   \xe2\x80\xa2\t   Strengthen and implement a risk management strategy and relevant contingency plans\n        prior to the start of 2020 decennial census operations.\n\na) Status of Recommendation: Census has agreed with our recommendations. Planning for\nthe 2020 Census is under way.\n\nb) Estimated Cost Savings: The cost savings cannot be projected. However, the total\ncost of the 2010 Census is projected to be $14.7 billion, which includes cost growth\nestimated to exceed $3 billion. Improved planning, management, oversight, and\ntransparency are critical to containing cost and avoiding similar overruns in the 2020\nCensus.\n\nc) Whether agency plans to implement the recommendation in the near future:\nAccording to the bureau, a small core team at Census has begun early planning and is\nfocused on establishing planning and program management processes to ensure a\nfoundation for designing the 2020 Census.\n\x0cU.S. Department of Commerce                                                            Enclosure 2\nOffice of Inspector General\n\n\n2. Commerce Should Take Steps to Strengthen Its Information Technology Security\nWorkforce (CAR-19569-1), September 2009\n\nIT security weaknesses have been sufficiently serious that the Secretary of Commerce has\nreported this issue as a material weakness in the annual Performance and Accountability\nReport since FY 2001, pursuant to the Federal Managers\' Financial Integrity Act of 1982.\nBased on our reviews, we have attributed the persistence of the material weakness, in\npart, to weaknesses in the IT security workforce and have recently completed an audit in\nwhich we found that the Department needs to devote more attention to the professional\ndevelopment and guidance of the IT security personnel who protect the Department\'s\nsensitive computer systems and information.\n\nWe made a number of recommendations for improving the IT security workforce\nincluding to enhance the professional development of personnel with significant IT\nsecurity responsibilities. In particular, we noted that the only federal job classification\nspecifically targeted toward IT security does not require a college degree and\nrecommended that the Department develop and implement a requirement for professional\ncertifications for key IT security personnel.\n\na) Status of Recommendation: The Department agreed with our recommendation and\nhas developed an implementation plan.\n\nb) Estimated Cost Savings: The cost savings cannot be projected. However,\nimplementation of the recommendation not just for the Department of Commerce but for\nall civilian agencies would substantially improve the capacity of the IT security\nworkforce and thus the security of sensitive government information and systems.\nRecognizing a similar need, the Department of Defense began implementing a\nprofessional certification requirement for its IT security workforce in 2004 with a goal of\nfull compliance by 2011.\n\nc) Whether agency plans to implement the recommendation in the near future: The\nDepartment is developing a policy that will require noncertified personnel in roles\nrequiring certification to work with their supervisors to establish a development plan\nleading to successful accomplishment of an appropriate certification. Certification will\nalso be required for new employees in designated roles.\n\x0cU.S. Department of Commerce                                                             Enclosure 2\nOffice of Inspector General\n\n\n3. Successful Oversigltt of GOES-R Requires Adlterence to Accepted Satellite\nAcquisition Practices (OSE-18291), November 2007\n\nIn 2005, the Department and NOAA assumed oversight and management responsibility\nfor the entire Geostationary Operational Environmental Satellite (GOES-R) program,\nwhich is now projected to cost $7.7 billion. This represents a $1.5 billion increase from\nthe original estimate. For the first time, NOAA, rather than NASA, has the lead role in\nGOES-R\'s program management and acquisition, thus giving the Department direct\noversight authority for both the ground and space segments. While this change was\npositive overall, these new roles added risk to an already highly complex undertaking.\nOur review found that the Department lacked a workable oversight structure not just for\nGOES-R but for all major acquisitions. Accordingly, we made the following\nrecommendation:\n\n   \xe2\x80\xa2\t Complete and implement the Department\'s major system acquisition policy. For\n\n      satellite programs, ensure the policy incorporates the key decision points in NPR\n\n      7120. 5D and requires comprehensive independent reviews at all key decision\n\n      points. (NPR 7120.5D is a NASA policy that NOAA has adopted for its satellite\n\n      acquisition activities.)\n\n\na) Status of Recommendation: The Department agreed to develop a major systems\nacquisition policy by the third quarter of FY 2008 but stated that in creating the policy, a\nkey decision point structure would be considered, along with other approaches. This\ndeadline was not met. The current Deputy Secretary has convened a steering conunittee\nto develop a Department-wide major investment oversight policy.\n\nb) Estimated Cost Savings: The cost savings cannot be projected. However, with an\nestimate of nearly $20 billion to be spent on two critical environmental satellite systems\nover their life cycle and $2.6 billion in major IT investments in FY 2010 alone, the\nDepartment must have an effective oversight program in place.\n\nc) Whether agency plans to implement the recommendation in the near future: The\nDepartment has not provided a specific date as to when the. reconunendation will be\nimplemented. As noted above, it is actively working this issue at the direction of the\nDeputy Secretary.\n\x0c'